From 873550e6c270f9b0ff5c85defc91d4ba98921497 Mon Sep 17 00:00:00 2001
From: Sooraj S
Date: Mon, 13 Jul 2020 13:05:57 +0530
Subject: [PATCH 1/5] sepolicy: allow platform_app to create named pipes
---
 common/private/platform_app.te | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/common/private/platform_app.te b/common/private/platform_app.te
index 07183e7..ef16b76 100644
--- a/common/private/platform_app.te
+++ b/common/private/platform_app.te
@@ -9,3 +9,7 @@ hal_client_domain(platform_app, hal_lineage_livedisplay)
 # Allow PowerShare HAL service to be found
 hal_client_domain(platform_app, hal_lineage_powershare)
+
+# allow platform_app to create named pipes (used for realm support)
+allow platform_app fuse:fifo_file create;
+allow platform_app app_data_file:fifo_file create_file_perms;
-- GitLab
From 8dd15c2420b0e26651fe60557d02fca03f0e9c84 Mon Sep 17 00:00:00 2001
From: Sooraj S
Date: Wed, 11 Nov 2020 17:46:53 +0530
Subject: [PATCH 2/5] sepolicy: allow platform_app rs_exec:file rx_file_perms foundation.e.camera depend on being able to execute /system/bin/bcc. Allow it.
---
 common/private/platform_app.te | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/common/private/platform_app.te b/common/private/platform_app.te
index ef16b76..6e42d15 100644
--- a/common/private/platform_app.te
+++ b/common/private/platform_app.te
@@ -13,3 +13,5 @@ hal_client_domain(platform_app, hal_lineage_powershare)
 # allow platform_app to create named pipes (used for realm support)
 allow platform_app fuse:fifo_file create;
 allow platform_app app_data_file:fifo_file create_file_perms;
+allow platform_app app_data_file:fifo_file open;
+allow platform_app rs_exec:file rx_file_perms;
-- GitLab
From 09e49572261afe2ce6b84cc063f07629fd2fa1ab Mon Sep 17 00:00:00 2001
From: Alexandre Roux
Date: Fri, 7 Aug 2020 07:41:32 +0000
Subject: [PATCH 3/5] sepolicy: allow platform_app access app_data_file
---
 common/private/platform_app.te | 3 +++
 1 file changed, 3 insertions(+)
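Review bot: In patch 1/5, `allow platform_app fuse:fifo_file create;` grants only `create` on the `fuse` type while the neighbouring `app_data_file` rule grants the whole `create_file_perms` set, and the comment does not say why the two differ or which app needs them. Both rules apply to every process in the `platform_app` domain, not only to the one that uses Realm. A FIFO created on a `fuse`-labelled path may sit on shared storage where other apps can reach it, so it is worth confirming where the pipe is really created; if it only ever lives in the app's private data directory, the `fuse` rule can presumably be dropped. A comment along the lines of `# <app> uses Realm, which creates FIFOs in its data dir; fuse:fifo_file create is needed because <reason>` would record the intent next to the rules.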
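Review bot: In patch 2/5, the added `allow platform_app app_data_file:fifo_file open;` looks redundant, because in stock AOSP macros `create_file_perms` on the line above already includes `open` through `rw_file_perms`; if this tree uses the unmodified macros the line can be removed. The `rs_exec:file rx_file_perms` rule lets every platform-signed app execute the binary, although the commit message names only foundation.e.camera as the consumer. A comment above the rule, e.g. `# foundation.e.camera executes /system/bin/bcc`, would keep the reason in the policy file, and a dedicated domain for that app would avoid widening all of `platform_app`.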
diff --git a/common/private/platform_app.te b/common/private/platform_app.te
index 6e42d15..9c14c8f 100644
--- a/common/private/platform_app.te
+++ b/common/private/platform_app.te
@@ -15,3 +15,6 @@ allow platform_app fuse:fifo_file create;
 allow platform_app app_data_file:fifo_file create_file_perms;
 allow platform_app app_data_file:fifo_file open;
 allow platform_app rs_exec:file rx_file_perms;
+
+# Allow platform apps to execute files in /data
+allow platform_app app_data_file:file execute;
-- GitLab
From f02d37d8334453a6b2fac2a09188b3a22ce48be8 Mon Sep 17 00:00:00 2001
From: Jonathan Klee
Date: Wed, 23 Feb 2022 11:03:58 +0100
Subject: [PATCH 4/5] Revert "Remove unused weather service policy" This reverts commit 44fd376702bfbb8648b5fa63137da576d391deb1.
---
 common/private/service.te | 1 +
 common/private/service_contexts | 1 +
 common/private/untrusted_app.te | 1 +
 3 files changed, 3 insertions(+)
diff --git a/common/private/service.te b/common/private/service.te
index 053d448..00de95a 100644
--- a/common/private/service.te
+++ b/common/private/service.te
@@ -4,3 +4,4 @@ type lineage_globalactions_service, system_api_service, system_server_service, s
 type lineage_livedisplay_service, system_api_service, system_server_service, service_manager_type;
 type lineage_profile_service, system_api_service, system_server_service, service_manager_type;
 type lineage_trust_service, system_api_service, system_server_service, service_manager_type;
+type lineage_weather_service, system_api_service, system_server_service, service_manager_type;
diff --git a/common/private/service_contexts b/common/private/service_contexts
index 633c6ac..c859222 100644
--- a/common/private/service_contexts
+++ b/common/private/service_contexts
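Review bot: In patch 3/5, `allow platform_app app_data_file:file execute;` lets every platform-signed app map files from its own writable data directory as executable code, which removes a write-xor-execute barrier for a privileged domain; neither the commit message nor the comment names the app that needs it. The comment is also imprecise: `execute` without `execute_no_trans` covers loading code such as a native library mapped executable, but presumably not exec'ing a binary from /data directly in the same domain. I would name the consumer in the comment, e.g. `# <app> loads native code it extracts to its data dir`. Prefer a narrower domain, or shipping that code read-only in the APK or system image, over a grant to all of `platform_app`.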
@@ -2,6 +2,7 @@ lineageglobalactions u:object_r:lineage_globalactions_servi
 lineagehardware u:object_r:lineage_hardware_service:s0
 lineagelivedisplay u:object_r:lineage_livedisplay_service:s0
 lineagetrust u:object_r:lineage_trust_service:s0
+lineageweather u:object_r:lineage_weather_service:s0
 profile u:object_r:lineage_profile_service:s0
 adbroot_service u:object_r:adbroot_service:s0
diff --git a/common/private/untrusted_app.te b/common/private/untrusted_app.te
index 77959f6..39d2b4b 100644
--- a/common/private/untrusted_app.te
+++ b/common/private/untrusted_app.te
@@ -1 +1,2 @@
 allow untrusted_app_all lineage_profile_service:service_manager find;
+allow untrusted_app_all lineage_weather_service:service_manager find;
-- GitLab
From aa2947eaeb877565975b3c28856acdbca63ca71d Mon Sep 17 00:00:00 2001
From: TheScarastic
Date: Mon, 7 Mar 2022 14:53:27 +0530
Subject: [PATCH 5/5] sepolicy: Add rules for tracker blocker
---
 common/private/netd.te | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 common/private/netd.te
diff --git a/common/private/netd.te b/common/private/netd.te
new file mode 100644
index 0000000..bc71718
--- /dev/null
+++ b/common/private/netd.te
@@ -0,0 +1 @@
+allow netd platform_app:unix_stream_socket connectto;
-- GitLab
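Review bot: In patch 4/5 (untrusted_app.te), `allow untrusted_app_all lineage_weather_service:service_manager find;` makes the restored weather service reachable by every third-party app, so access control then rests entirely on the permission checks inside the service itself. The revert message does not say what needs the service again. If the exposure is intended, a comment such as `# Weather service is looked up by third-party apps; permissions are enforced in the service` would record that next to the rule.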
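Review bot: In patch 5/5, the new netd.te holds a single uncommented rule, `allow netd platform_app:unix_stream_socket connectto;`, which lets netd connect to a stream socket owned by any `platform_app` process rather than by the tracker blocker alone. netd is a privileged daemon, so whatever it reads back over that socket should be handled as untrusted input on the netd side. A dedicated domain for the tracker-blocker app would limit the peer to one package. At minimum add a comment, e.g. `# netd connects to the tracker blocker app's socket to <purpose>`. If the socket is bound to a filesystem path rather than the abstract namespace, `connectto` alone is presumably not sufficient and a `sock_file` write rule would be needed as well.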